On the security of subspace subcodes of Reed-Solomon codes for public key encryption

TL;DR

This paper analyzes the security of McEliece-like encryption schemes using subspace subcodes of Reed-Solomon codes, revealing vulnerabilities through a new polynomial-time distinguisher and an attack that compromises some parameters.

Contribution

It introduces the twisted product operation and demonstrates a practical attack on certain subspace subcode-based encryption schemes.

Findings

A new polynomial-time distinguisher for subspace subcodes

An efficient attack breaking some proposed parameters

Identification of security vulnerabilities in recent schemes

Abstract

This article discusses the security of McEliece-like encryption schemes using subspace subcodes of Reed-Solomon codes, i.e. subcodes of Reed-Solomon codes over $\mathbb{F}_{q^m}$ whose entries lie in a fixed collection of $\mathbb{F}_q$-subspaces of $\mathbb{F}_{q^m}$. These codes appear to be a natural generalisation of Goppa and alternant codes and provide a broader flexibility in designing code based encryption schemes. For the security analysis, we introduce a new operation on codes called the twisted product which yields a polynomial time distinguisher on such subspace subcodes as soon as the chosen $\mathbb{F}_q$-subspaces have dimension larger than $m/2$. From this distinguisher, we build an efficient attack which in particular breaks some parameters of a recent proposal due to Khathuria, Rosenthal and Weger.